September 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Recently Patched Vulnerability in CUPS Allows DDoS Attacks to be Amplified
October 4, 2024
APT Group Gamaredon aka Shuckworm – Active IOCs
October 4, 2024
Recently Patched Vulnerability in CUPS Allows DDoS Attacks to be Amplified
October 4, 2024
APT Group Gamaredon aka Shuckworm – Active IOCs
October 4, 2024
Severity
Medium
Analysis Summary
CVE-2024-8372 CVSS:4.8
Google AngularJS could allow a remote attacker to bypass security restrictions, caused by improper sanitization of the '[srcset]' attribute HTML elements. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass common image source restrictions.
CVE-2024-8373 CVSS:4.8
Google AngularJS could allow a remote attacker to bypass security restrictions, caused by improper sanitization of the value of the [srcset] attribute in <source> HTML elements. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass common image source restrictions.
Impact
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-8372
- CVE-2024-8373
Affected Vendors
Google
Affected Products
- Google AngularJS - 1.3.0-rc.4
- Google AngularJS - 0.0.0
Remediation
Upgrade to the latest version of AngularJS NES, available from the AngularJS NES Website.